git.ipfire.org Git - thirdparty/openssl.git/commit

author	Shane Lontis <shane.lontis@oracle.com>
	Mon, 12 Apr 2021 00:38:16 +0000 (10:38 +1000)
committer	Shane Lontis <shane.lontis@oracle.com>
	Tue, 13 Apr 2021 03:06:37 +0000 (13:06 +1000)
commit	3fed27181a9b5e26216b3cad679b0f601c90ac2a
tree	1cc60dadeae990c97162117d857442f2332d971a	tree \| snapshot
parent	28fd8953059fe7d9acd57ef6620457cb41a80509	commit \| diff

Add FIPS Self test for AES_ECB decrypt

Fixes #14807

Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).

Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14825)

doc/man7/OSSL_PROVIDER-FIPS.pod		diff \| blob \| blame \| history
include/openssl/self_test.h		diff \| blob \| blame \| history
providers/fips/self_test_data.inc		diff \| blob \| blame \| history
providers/fips/self_test_kats.c		diff \| blob \| blame \| history
test/recipes/03-test_fipsinstall.t		diff \| blob \| blame \| history